from rest_framework import permissions


# 定义一个控制对象级别的权限
class IsOwnerOrRead0nly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        # 判断登录账号是否是管理员
        if request.user.is_superuser:
            return True
        return obj == request.user
